Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

55
1
Medium Cost
ngandugilbert icon

cellpilot-mcp

by ngandugilbert

Sec4

Empowers AI assistants to perform comprehensive read, write, and manipulation operations on Excel files.

Setup Requirements

  • ⚠️The `mcp.json` configuration examples use `dnx`, which is a deprecated command from early .NET Core. Users will likely encounter issues as `dnx` is not typically available in modern .NET environments. The correct command for a global tool would likely be `dotnet CellPilotMCP` after installation, or `dotnet run` for local development.
  • ⚠️While the deployed application is stated to be self-contained, installing from NuGet (implicitly via `dnx` or `dotnet tool`) or running from source requires the .NET SDK to be installed.
  • ⚠️Configuring this server grants a connected AI assistant (like GitHub Copilot) extensive control over local Excel files, requiring a high degree of trust in the AI's interpretation of user commands and its ability to not misuse the granted capabilities.
Review RequiredView Analysis
Crucially, the actual C# source code for the MCP server was not provided, making a comprehensive security audit impossible. The analysis is based solely on the README's description of features. The server's extensive file system and data manipulation capabilities (e.g., creating, copying, deleting files, writing to arbitrary cells, reading any data) present significant security risks if not implemented with robust input validation, path sanitization, and access control. Without code, there is no way to verify protection against path traversal, arbitrary code execution, or ReDoS attacks with `SearchWithRegex`. Running this server grants an AI agent powerful capabilities over local files, which inherently requires high trust and careful implementation.
Updated: 2025-12-02GitHub
55
144
Medium Cost
Taxuspt icon

garmin_mcp

by Taxuspt

Sec9

Exposes Garmin Connect fitness and health data to Claude and other MCP-compatible clients.

Setup Requirements

  • ⚠️Requires initial interactive login for Garmin Connect MFA to generate OAuth tokens if MFA is enabled and tokens are not present.
  • ⚠️Specific Python environment managed by `uvx` and Python 3.12 is recommended for direct execution/Claude Desktop integration.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` for full integration.
Verified SafeView Analysis
The server uses environment variables or file-based secrets for Garmin Connect credentials, which is a good security practice. OAuth tokens are persisted locally (e.g., in `~/.garminconnect`) after an initial login, which helps with MFA handling. All API calls are wrapped in exception handlers. No 'eval' or direct command injection vectors are apparent in the provided source code. Error messages from underlying API calls are returned directly, which could expose some internal details but is not critical for a self-hosted client.
Updated: 2026-01-15GitHub
55
1
High Cost
CongosNL icon
Sec4

Analyzes a project's tech stack to resolve and provision necessary AI assistant skills and MCP servers.

Setup Requirements

  • ⚠️Requires integration into a compatible AI coding assistant (e.g., Claude Code, OpenAI Codex, Cursor).
  • ⚠️Requires external network access to search MCP registries and skill marketplaces.
  • ⚠️Requires local filesystem read/write access for detecting existing tools and provisioning new ones (e.g., `.mcp.json`, skill directories).
  • ⚠️Assumes specific AI-assistant CLI tools or configuration patterns are present for installation.
Review RequiredView Analysis
The skill instructs the AI assistant to read local configuration files (e.g., `.mcp.json`, `~/.claude/settings.json`) which may contain sensitive data. Critically, it directs the AI to search external registries and marketplaces (e.g., skillsmp.com, registry.modelcontextprotocol.io) and then provision tools (install via `cp`, `curl`, `claude mcp add`, or modify `.mcp.json`). This process introduces significant supply chain risk, as a compromised registry or a malicious tool listed on these platforms could lead to the AI installing harmful or unvetted software onto the user's system without direct human inspection of the downloaded code.
Updated: 2026-01-17GitHub
55
1
High Cost
aringad icon
Sec9

Integrates Fatture in Cloud (Italian electronic invoicing) with AI assistants like Claude to manage invoices, clients, and financial summaries through natural language.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires an active Fatture in Cloud account with API enabled and manual generation of an API access token and company ID.
  • ⚠️Requires a compatible MCP client (e.g., Claude Desktop) and manual configuration of its JSON settings file.
Verified SafeView Analysis
The server loads API tokens and sensitive configuration from environment variables, which is a good security practice. It uses an official SDK (fattureincloud-python-sdk) for API interactions. The README explicitly highlights that 'write' and 'send to SDI' operations require user confirmation and are irreversible. No 'eval' or similar dynamic code execution functions were found. A minor area for improvement could be to log full tracebacks internally instead of returning them to the client on error, to prevent potential information disclosure in some contexts.
Updated: 2025-12-11GitHub
55
1
Low Cost
xandwr icon

mcpd

by xandwr

Sec5

Aggregates multiple Model Context Protocol (MCP) servers into a single endpoint for clients, allowing centralized management and on-demand spawning of tools.

Setup Requirements

  • ⚠️Requires Rust and Cargo to install from source (via `cargo install`).
  • ⚠️Users must manually register each individual MCP server using the `mcpd register` CLI command.
  • ⚠️MCP clients (e.g., Claude, VSCode) need to be configured to connect to `mcpd serve` instead of individual servers.
Verified SafeView Analysis
The daemon's core function involves spawning and running arbitrary user-defined commands (`mcpd register <name> <command> [args...]`) with custom environment variables. This is a powerful feature that, if misused or if the user's system is compromised, could allow arbitrary code execution. `mcpd` itself does not introduce network attack surfaces, as it operates over stdio, but it acts as an executor for local commands. It is safe to run provided the user explicitly trusts all commands and environment variables they register with it.
Updated: 2025-12-06GitHub
55
1
High Cost
abundancemarble icon

MCP-server

by abundancemarble

Sec1

The GitHub MCP Server connects AI tools like agents, assistants, and chatbots directly to GitHub's platform, enabling natural language interaction for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration.

Setup Requirements

  • ⚠️Requires a compatible MCP host (e.g., VS Code 1.101+, Claude Desktop, Cursor, Windsurf) with remote server support.
  • ⚠️Specific policies may need to be enabled on the host.
  • ⚠️Requires OAuth or other authentication setup for GitHub access.
Review RequiredView Analysis
A critical security audit cannot be performed as only documentation files (README.md, github-actions.md) were provided, not the actual server source code. Without access to the implementation, it's impossible to check for vulnerabilities like 'eval' usage, obfuscation, network risks, hardcoded secrets, or malicious patterns.
Updated: 2026-01-17GitHub
55
1
High Cost
jasonkim8652 icon

protein-design-mcp

by jasonkim8652

Sec8

An MCP server that enables LLM agents to run end-to-end protein binder design pipelines using advanced bioinformatics tools.

Setup Requirements

  • ⚠️Requires download of approximately 10GB of model weights on first run.
  • ⚠️Requires NVIDIA GPU with NVIDIA Container Toolkit for Docker, or CUDA for local setup, for reasonable performance.
  • ⚠️For local installation, external bioinformatics tools (RFdiffusion, ProteinMPNN, ESMFold, and optionally BLAST+) must be installed and configured separately, with their paths specified via environment variables.
Verified SafeView Analysis
The server primarily uses subprocess.create_subprocess_exec for running external tools (RFdiffusion, ProteinMPNN, ColabFold). While generally safer than shell=True, arguments must be carefully sanitized to prevent command injection, which appears to be handled reasonably well in the source code. Extensive network requests are made to public bioinformatics APIs (UniProt, PubMed, RCSB PDB, AlphaFold DB, ColabFold API) for data fetching. File system operations involve temporary directories and user-specified paths for PDBs, FASTA, and JSON files. No obvious hardcoded secrets were found, with configurations relying on environment variables. Containerized deployment with Docker adds a layer of isolation.
Updated: 2026-01-16GitHub
55
1
Medium Cost
adamlevoy icon

reddit-mcp

by adamlevoy

Sec8

Provides Claude Desktop with read-only access to Reddit's API through a remote Model Context Protocol (MCP) server deployed on Cloudflare Workers.

Setup Requirements

  • ⚠️Requires a Cloudflare account for self-hosting deployment.
  • ⚠️Requires obtaining Reddit API credentials (Client ID, Client Secret, Username, Password, User Agent) by creating an app on Reddit.
  • ⚠️Requires setting 6 environment variables as Cloudflare secrets (`REDDIT_CLIENT_ID`, `REDDIT_CLIENT_SECRET`, `REDDIT_USERNAME`, `REDDIT_PASSWORD`, `REDDIT_USER_AGENT`, `SHARED_SECRET`).
Verified SafeView Analysis
Secrets (Reddit API credentials, shared secret) are properly configured as environment variables via Cloudflare Wrangler secrets, preventing hardcoding. The server communicates with legitimate Reddit API endpoints over HTTPS. The SSE endpoints for Claude Desktop compatibility do not enforce explicit authentication on the server-side, relying on the client (`mcp-remote`) to manage session security. The legacy RPC endpoint enforces authentication via a `SHARED_SECRET` bearer token. Overall, the implementation follows good practices for Cloudflare Workers deployments.
Updated: 2026-01-17GitHub
55
30
High Cost
neurondb icon

neurondb

by neurondb

Sec6

A Model Context Protocol (MCP) server designed to expose advanced AI and database functionalities (vector search, ML, RAG, PostgreSQL admin) as tools via a standardized JSON-RPC protocol over STDIN/STDOUT, typically serving as a backend for AI agents or desktop applications.

Setup Requirements

  • ⚠️Requires PostgreSQL with the NeuronDB Extension installed for core AI functionalities (vector search, ML, RAG).
  • ⚠️External LLM/Embedding Provider API Keys (e.g., HuggingFace, OpenAI) are required for many AI operations, incurring external service costs.
  • ⚠️The NeuronMCP server is a Go application; it is typically run as a child process (STDIN/STDOUT JSON-RPC server), often wrapped by the NeuronDesktop API for HTTP/WebSocket access.
  • ⚠️GPU acceleration (CUDA, ROCm, Metal) is optional but highly recommended for performance-critical vector and ML operations, requiring specific hardware and drivers.
Review RequiredView Analysis
The system includes robust security features such as XSS/CSRF protection, rate limiting, and SQL injection prevention (for standard queries) within the NeuronDesktop API wrapper. Critical operations (e.g., full SQL execution) require explicit admin privileges and configuration enablement. However, there are notable risks: 1. Hardcoded Default API Keys: A default HuggingFace API key (`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`) is present in `docker-compose.yml`, which is a significant vulnerability. 2. Insecure Default Passwords: The PostgreSQL password defaults to `neurondb` in `docker-compose.yml`, explicitly marked as a 'SECURITY WARNING' for development only. 3. Temporary Password Logging: During NeuronDesktop API bootstrap, if `ADMIN_PASSWORD` is not set, a temporary password is generated and logged to stderr, potentially exposing credentials in logs.
Updated: 2026-01-19GitHub
55
5
Medium Cost
EllaFerreira icon
Sec8

Builds an AI-powered file assistant server using Model Context Protocol for intelligent interaction with local files.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and manually configured via its JSON settings file.
  • ⚠️Requires editing a configuration file with absolute paths, which can be prone to errors for new users.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The server skeleton code itself is generally safe, as critical file operation logic (list_resources, read_resource, search_files) is left as TODOs for workshop participants. The 'read_resource' TODO explicitly guides for a security measure ('ensure file is in FILES_DIR'), indicating awareness of path traversal risks. However, the actual security depends on how these TODOs are implemented by attendees. The provided code does not use 'eval' or contain hardcoded secrets. Its scope is limited to a 'test_files' directory by default.
Updated: 2025-12-15GitHub
55
65
High Cost
king-of-the-grackles icon

reddit-research-mcp

by king-of-the-grackles

Sec9

AI-powered Reddit intelligence for market research, competitive analysis, and customer discovery across 20,000+ indexed subreddits.

Setup Requirements

  • ⚠️Requires Reddit API credentials (Client ID, Client Secret, User Agent) to be configured as environment variables for server operation.
  • ⚠️Requires a Descope Project ID for authentication setup, provided via environment variable.
  • ⚠️Requires `SERVER_URL` environment variable to be correctly configured for OAuth callbacks and server-info endpoint.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
All sensitive API keys and URLs are configured via environment variables. Authentication is handled by Descope OAuth2 with a multi-issuer JWT verifier, which is a robust pattern. The server makes external HTTP calls to a ChromaDB proxy for vector search and an Audience API for feed management; the security of these external services and the trustworthiness of the `AUDIENCE_API_URL` are critical considerations. No `eval` or obvious malicious patterns were found in the provided source code.
Updated: 2025-12-11GitHub
55
1
High Cost
wolfdogwww icon

mcp-redmine-proxy

by wolfdogwww

Sec9

Provides an HTTP bridge and MCP server for LLMs to interact with Redmine instances, enabling issue management, project browsing, and attachment handling.

Setup Requirements

  • ⚠️Requires Docker installed and the 'mcp-redmine-proxy' image to be built.
  • ⚠️Mandatory environment variables: REDMINE_URL (Redmine instance URL), REDMINE_API_KEY (Redmine user API key).
  • ⚠️If using REDMINE_REQUEST_INSTRUCTIONS, the file must be mounted into the Docker container at the path specified by the environment variable.
Verified SafeView Analysis
The server uses environment variables for sensitive data (API keys), preventing hardcoding. It executes its internal MCP server as a controlled subprocess, limiting arbitrary command injection risks. File operations for upload/download validate absolute paths and existence, mitigating basic path traversal vulnerabilities. No obvious use of 'eval' or other highly dangerous patterns was found.
Updated: 2025-12-10GitHub
PreviousPage 45 of 760Next